This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.



RE: ssh patches to fix installation issues


The default umask has been changed, but the new /etc/profile
won't have overwritten your old one.

J.

> From: Ross Smith II [mailto:ross@smithii.com]
> 
> Attached are three small patches to the following files:
> 
> /bin/ssh-host-config
> /bin/ssh-user-config
> /usr/doc/Cygwin/openssh-3.4p1-5.README
> 
> to fix some installation issues and better explain using sshd in Windows.
> 
> The ssh-user-config changes are due to the fact that the default cygwin
> umask is 000. Maybe a .bash_profile could be created containing umask 022
> when the user's home directory is first created.  Just a thought.
> 
> This is the culmination of 6 hours of list perusing, and hair pulling, so
> it's definitely "field tested".
> 
> Hope this helps,
> 
> Ross Smith
> 
> --- ssh-host-config.orig	2002-07-07 03:07:12.000000000 -0700
> +++ ssh-host-config	2002-10-23 16:11:12.000000000 -0700
> @@ -164,6 +164,7 @@
>    if [ $_nt -gt 0 ]
>    then
>      chown system.system /var/empty
> +    chmod 755 /var/empty
>    fi
>  fi
> 
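Review bot: the added `chmod 755 /var/empty` sits inside the `if [ $_nt -gt 0 ]` branch, so the mode of /var/empty is only set on NT, and neither it nor the `chown` above it is checked for failure. If the mode matters on every platform, move the chmod out of the branch; either way, report a failed chown or chmod instead of continuing silently.
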
> --- ssh-user-config.orig	2002-06-21 13:32:33.000000000 -0700
> +++ ssh-user-config	2002-10-23 16:15:24.000000000 -0700
> @@ -123,6 +123,8 @@
>    fi
>  fi
> 
> +chown `whoami` ${pwdhome}
> +
>  if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
>  then
>    echo "${pwdhome}/.ssh is existant but not a directory. 
> Cannot create user
> identity files."
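Review bot: `${pwdhome}` is unquoted in the added `chown` line, while the test directly below it quotes the same variable as "${pwdhome}/.ssh"; a home path containing spaces is split into several arguments. Suggest `chown "$(whoami)" "${pwdhome}"`, with a check of the exit status, since the later steps depend on the ownership being right.
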
> @@ -139,6 +141,8 @@
>    fi
>  fi
> 
> +chmod 755 ${pwdhome}/.ssh
> +
>  if [ ! -f "${pwdhome}/.ssh/identity" ]
>  then
>    if request "Shall I create an SSH1 RSA identity file for you?"
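Review bot: the added `chmod 755 ${pwdhome}/.ssh` leaves the directory listable and traversable by group and others, and the reason is not stated. If only the owner needs access, 700 is tighter; if another account has to read files in it, add a comment saying so. `${pwdhome}` should also be quoted here, as it is in the `[ ! -f "${pwdhome}/.ssh/identity" ]` test that follows.
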
> @@ -196,5 +200,8 @@
>    fi
>  fi
> 
> +chmod 600 ${pwdhome}/.ssh/*
> +chmod 644 ${pwdhome}/.ssh/*.pub ${pwdhome}/.ssh/authorized_keys?
> +
>  echo
>  echo "Configuration finished. Have fun!"
> 
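Review bot: in the added `chmod 644` line the `?` in `authorized_keys?` matches exactly one character, so `authorized_keys2` becomes 644 while `authorized_keys` itself stays at the 600 set by the line above. If both files are meant, name them explicitly. When a pattern matches nothing the shell passes it through literally and chmod prints an error just before "Configuration finished", so guard each file with a `[ -f ... ]` test, and quote `${pwdhome}`.
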
> --- openssh-3.4p1-5.README.orig	2002-10-23 
> 15:20:39.000000000 -0700
> +++ openssh-3.4p1-5.README	2002-10-23 16:23:03.000000000 -0700
> @@ -123,12 +123,53 @@
> 
>  - If you want to authenticate via RSA and you want to login to that
>    machine to exactly one user account you can do so by running sshd
> -  under that user account. You must change /etc/sshd_config
> -  to contain the following:
> +  under that user account.
> +
> +  * Change /etc/sshd_config to contain
> 
>    RSAAuthentication yes
> 
> -  Moreover it's possible to use rhosts and/or rhosts with
> +  * Make sure you have executed the following:
> +
> +    $ ssh-host-config
> +    $ ssh-user-config
> +
> +  * Due to the fact that cygwin's default umask is 0000, you 
> will need
> +    to execute the following (substituting your user name 
> for USERNAME):
> +
> +	chown USERNAME ~
> +	chmod 755 ~ ~/.ssh
> +	chmod 600 ~/.ssh/*
> +	chmod 644 ~/.ssh/*.pub ~/.ssh/authorized_keys?
> +
> +  * Reinstall the ssh daemon to run as the user. Execute the 
> following
> +    (substituting your user name for USERNAME, and your password for
> PASSWORD):
> +
> +	chmod 666 /var/log/sshd.log /var/empty
> +	rm -fr /var/log/sshd.log /var/empty
> +	touch /var/log/sshd.log
> +	chmod 644 /var/log/sshd.log
> +	chmod 755 /var/empty
> +	chown USERNAME.None /var/empty /etc/ssh_host_* /var/log/sshd.log
> +	cygrunsrv --stop sshd
> +	cygrunsrv --remove sshd
> +	cygrunsrv --install sshd -e "CYGWIN=glob ntsec binmode" \
> +	   -u USERNAME \
> +	   -w "PASSWORD" \
> +	   -d "sshd" \
> +	   -p /usr/sbin/sshd.exe \
> +	   -1 /var/log/sshd.log \
> +	   -2 /var/log/sshd.log \
> +	   -a "-e -D"
> +	cygrunsrv --start sshd
> +
> +  * NOTE: The user will not be able to login using their 
> Windows password.
> +    They will only be able to login using RSA authentication.
> +
> +    Therefore, you will need to copy your identity.pub and id_??a.pub
> +    files into authorized_keys, and authorized_keys2, respectfully.
> +
> +  Moreover, it's possible to use rhosts and/or rhosts with
>    RSA authentication by setting the following in sshd_config:
> 
>    RhostsAuthentication yes
> 
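Review bot: in the reinstall steps, `rm -fr /var/log/sshd.log /var/empty` deletes /var/empty and only the log is recreated by `touch`, so the following `chmod 755 /var/empty` and `chown USERNAME.None /var/empty ...` act on a directory that no longer exists; add a `mkdir /var/empty` after the rm, and move `cygrunsrv --stop sshd` ahead of the file removal so files are not deleted under a running service. The `-w "PASSWORD"` argument puts the account password on the command line, which deserves a caution in the text. The `authorized_keys?` pattern does not match `authorized_keys`, and "respectfully" should read "respectively".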



Experian Limited (registration number 653331).  
Registered office: Talbot House, Talbot Street, Nottingham NG1 5HF
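
The permission problem this thread describes (files created under a umask of 000 being too open for SSH), as an added example that is not part of the original messages or of the Cygwin scripts: a shell check that lists the loose modes the patch's chmod calls are meant to tighten. The function names and the sample directory are constructed for illustration.

```sh
#!/bin/sh
# Added example: list the loose modes a umask of 000 leaves on SSH files.
# Directory layout and file names below are constructed sample data.

# audit_ssh_perms HOME: print one finding per line for HOME and HOME/.ssh.
audit_ssh_perms() {
    home=$1
    # The home directory must not be writable by group or others.
    find "$home" -prune \( -perm -020 -o -perm -002 \) \
        -exec printf 'writable-dir %s\n' {} \;
    [ -d "$home/.ssh" ] || return 0
    find "$home/.ssh" -prune \( -perm -020 -o -perm -002 \) \
        -exec printf 'writable-dir %s\n' {} \;
    # No file in .ssh may be writable by group or others.
    find "$home/.ssh" -type f \( -perm -020 -o -perm -002 \) \
        -exec printf 'writable-file %s\n' {} \;
    # Files the patch sets to 600 (everything except *.pub and
    # authorized_keys*) must not be readable by group or others.
    find "$home/.ssh" -type f ! -name '*.pub' ! -name 'authorized_keys*' \
        \( -perm -040 -o -perm -004 \) \
        -exec printf 'readable-secret %s\n' {} \;
}

# count_findings UMASK: build a sample home under UMASK, print finding count.
count_findings() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$1"
        mkdir -p "$tmp/home/.ssh"
        : > "$tmp/home/.ssh/id_rsa"          # empty stand-in for a private key
        : > "$tmp/home/.ssh/id_rsa.pub"
        : > "$tmp/home/.ssh/authorized_keys2"
    )
    audit_ssh_perms "$tmp/home" | wc -l
    rm -rf "$tmp"
}

# Compare the old default (000) with two tighter settings.
for mask in 000 022 077; do
    echo "umask $mask: $(count_findings "$mask") finding(s)"
done
```

Under umask 022 the only finding left is the group- and world-readable stand-in for the private key; under 077 there are none.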

